Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Apple iOS 6.1.3 Fixes Evasion Jailbreak Bug, WebKit Flaw

Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary code.

Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary code.

The release of iOS 6.1.3 constitutes a major security update for iPhone, iPod and iPad users and it’s one that most users should install as soon as they can. However, for those iPhone owners who have jailbroken their devices already, installing the update will undo that process and prevent users from rolling back to the older, jailbroken state.

Perhaps the most serious vulnerability repaired in iOS 6.1.3 is the WebKit flaw, which can be used for remote code execution.

“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking,” Apple said in its advisory.

In addition to that fix, Apple also included a patch for a known vulnerability in iOS that enables a user to bypass the PIN code lock to gain access to the device.

“A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management,” Apple said.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.